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- 77ie MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 19 July 2000 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 7-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) H Claim(s) 1-23 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 13 The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 19 July 2000 is/are: a)[2 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 185(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1 ) (3 Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) D Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 





Application/Control Number: 09/61 9,205 
Art Unit: 2131 



Page 2 



DETAILED ACTION 



1 . Claims 1-20 have been examined and are pending. 



Specification 



2. Applicant is required to update the status (pending, allowed, etc.) of all parent 
priority applications in the first line of the specification. The status of all citations of US 
filed applications in the specification should also be updated where appropriate. 



The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. See In re Goodman, 1 1 
F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 
USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 
1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970);and, In re Thorington, 
418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1.130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



Double Patenting 
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3. Claims 1-6, 8, 10-13,15,17-20, and 22 are provisionally rejected under the 
judicially created doctrine of obviousness-type double patenting as being unpatentable 
over claims 1-6, 8-12, 14-18, and 20 of copending Application No. 09/619205. Although 
the conflicting claims are not identical, they are not patentably distinct from each other 
because the immediate application discloses a subsequent login, which is corresponds 
to the disclosed second login of Application No. 09/619205. The two terms are could 
easily be interchanged and are therefore are not patentably distinct. One of ordinary 
skill in the art would know that a subsequent login is synonymous with a second login 
because a second login would come after a first login. 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 



Claim Rejections - 35 USC ' 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by 
another filed in the United States before the invention thereof by the applicant for 
patent, or on an international application by another who has fulfilled the 
requirements of paragraphs (1 ), (2), and (4) of section 371(c) of this title before the 
invention thereof by the applicant for patent. 
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4. Claims, 1, 2, 5, 6, 8, 10, 11, 13, 15, 17, 18, 20, and 22 are rejected under 35 
U.S.C. 102(e) as being anticipated by Carroll (USP 6,105,131). 

As per claims 1,10, and 17 Carroll teaches: 

computer-readable program code means for processing a first sign-on during a 
secure session using a digital certificate, further comprising (column 8, lines 50-56): 

computer-readable program code means for establishing said secure 
session from a client machine to a server machine using said digital certificate, 
wherein said digital certificate represents an identity of said client machine or a 
user thereof (column 8, lines 56-64), 

computer-readable program code means for storing said digital certificate 
or a reference thereto at said server machine (column 9, lines 5-6); 

computer-readable program code means for establishing a session from 
said server machine to a host system using a legacy host communication 
protocol (column 2, lines 56-61); 

computer-readable program code means for passing said stored digital 
certificate or said reference from said server machine to a host access security 
system (column 8, lines 38-41); 

computer-readable program code means, operable in said host access 
security system, for authenticating said identity using said passed digital 
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certificate or a retrieved certificate which is retrieved using said reference 
(column 9, lines 11-13); 

computer-readable program code means for using said passed or 
retrieved digital certificate to locate access credentials for said user (column 3, 
lines 15-21); 

computer-readable program code means for accessing a stored password 
or generating a password substitute representing said located credentials 
(column 3, lines 21-33); and 

computer-readable program code means for using said stored password 
or said generated password substitute to transparently complete said first sign-on 
to a secure legacy host application executing at said host system (column 3, 
lines 34 and column 5, lines 50-51); and 

computer-readable program code means for processing a subsequent sign-on 
during said secure session using a second digital certificate for a second identity, 
wherein said second sign on requests access to said secure legacy host application or 
a different legacy host application by said user or by a different user, further comprising 
(column 3, line 33, column 5, lines 55-60, and column 6, lines 17-18): 

computer-readable program code means for receiving a subsequent sign- 
on request using said second digital certificate for said second identity (column 6, 
lines 26-30); 



Application/Control Number: 09/619,205 Page 6 

Art Unit: 2131 

computer-readable program code means for passing said second digital 
certificate or a second certificate reference from said server machine to said host 
access security system (column 8, lines 38-41); 

computer-readable program code means, operable in said host access 
security system, for authenticating said second identity using said passed second 
digital certificate or a second retrieved certificate which is retrieved using said 
second certificate reference (column 9, lines 11-13); 

computer-readable program code means, operable in said host access 
security system, for using said passed second digital certificate or said second 
retrieved certificate to locate second access credentials (column 3, lines 15-21); 

computer-readable program code means for accessing a second stored 
password or generating a second password substitute representing said second 
credentials (column 3, lines 21-33); and 

computer-readable program code means for using said second stored 
password or said second password substitute to transparently complete said 
subsequent sign-on to said secure legacy host application executing at said host 
system or said different legacy host application (column 3, lines 34 and column 5, 
lines 50-51). 

As per claims 2,11, and 1 8, Carroll teaches said digital certificate is an X.509 
certificate and said digital certificate reference and second certificate reference are 
references to an X.509 certificate (column 6, line 1 1 ). 
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As per claim 5, Carroll teaches said communication protocol is a Virtual Terminal 
protocol (column 2, line 50 and column 1, line 55). 

As per claims 6, 13, and 20, Carroll teaches the use of a host access security 
. system, which performs the function of a Resource Access Control Facility system 
(column 2, lines 49-55 and column 3, lines 23-33). 

As per claims 7, 14, and 21 , Carroll teaches said server machine is a Web 
application server machine (column 5, line 42). 

As per claims 8, 17, and 22, Carroll teaches said computer-readable program 
code means for processing said first sign-on further comprises: 

computer-readable program code means for requesting by said legacy 
host application, responsive to said computer-readable program code means for 
establishing said session, first sign-on information for said user (Figure 3a, 
element 18); 

computer-readable program code means for responding to said request 
for first sign-on information by sending a first sign-on message with placeholders 
from said client machine to said server machine, said placeholders representing 
a user identification and a password of said user (column 7, lines 14-17); and 

computer-readable program code means for substituting a user identifier 
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associated with said located access credentials and said stored password or said 
generated password substitute for said placeholders in said first sign-on 
message (column 3, lines 22-34); and 



said computer-readable program code means for processing said subsequent 
sign-on further comprises (column 6, lines 17-18): 

computer-readable program code: means for requesting, by said legacy 
host application, subsequent sign-on information for said second identity (Figure 
3c, element 60); 

computer-readable program code means for responding to said request 
for subsequent sign-on information by sending a subsequent sign-on message 
with placeholders from said client machine to said server machine, said 
placeholders representing a different user identification and a different password 
of said second identity (column 7, lines 14-17); and 

computer-readable program code means for substituting said second user 
identifier associated with said second access credentials and said second stored 
password or said second password substitute for said placeholders in said 
subsequent sign-on message (column 3, lines 22-34). 



As per claims 9, 16, and 23, Carroll teaches responding to said request for first 
sign-on information by supplying a user identifier associated with said located access 
credentials and said stored password or said generate password substitute at said 
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server machine and responding to said request for subsequent sign-on information by 
supplying said user identifier associated with said re-located access credentials and 
said re-accessed stored password or said new password substitute at said server 
machine (column 7, lines 14-17). 



Claim Rejections - 35 USC ' 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between 
the subject matter sought to be patented and the prior art are such that the 
subject matter as a whole would have been obvious at the time the invention 
was made to a person having ordinary skill in the art to which said subject 
matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

5. Claims 3, 4, 12, and 19, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Carroll in view of Cohen et al (USP 6, 1 78,51 1 ). 
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As per claims 3, 4, 12, and 19, Carroll teaches a secure method of 
communication that utilizes legacy protocols. Carroll does not explicitly teach the use of 
3270 emulation protocol or the 5250 emulation protocol. Cohen et al teach the use of 
3270 emulation protocol and the 5250 emulation protocol for a secure method of 
communication (column 4, line 27). Both the 3270 and 5250 emulation protocol are well 
established and known by those of ordinary skill in the art as a means to securely log a 
user into a system. Carroll's method of communication is centered on security. 

In view of this, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to employ the teaching of Cohen et al within the system of 
Carroll because it would allow the system to securely logon a user so that the user 
could then establish a secure connection with the other entities of the system. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael R Vaughan whose telephone number is 703- 
305-0354. The examiner can normally be reached on M-F 7:30-4:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

MV 

Michael R Vaughan 

Examiner 

Art Unit 2131 



/ ayaz sheikh 
iuppvi80ry patent examiner 
technology center 2100 




